On the interceptor page, click Create an OAuth API endpoint for
external clients and then fill in the form.

Field

Description

Name

A unique name that identifies the application that you
require OAuth access for.

Client ID

[Read-Only] The auto-generated unique ID of the
application. The instance uses the client ID when requesting
an access token.

Client Secret

[Required] The shared secret string that both the
instance and the client application or website use to
authorize communications with one another. The instance uses
the client secret when requesting an access token. Leave
this field blank to have the instance auto-generate a client
secret. To display existing client secrets, click the lock
icon.

Redirect URL

The callback URL that the authorization server
redirects to. Enter the full URLs of the clients requesting
access to the resource, appended by
/oauth_redirect.do. For example,
http://token_consumer:port/oauth_redirect.do.
Enter as many URLs as needed for all possible token
consumers. The instance matches the URL of the incoming
request to one of the redirect URLs. If no match is made,
the instance uses the first redirect URL.

Logo URL

The URL that contains an image to use as the application
logo. The logo appears on the approval page when the user
receives a request to grant a client application access to a
restricted resource on the instance.

Active

Select the check box to make the application registry
active.

Refresh Token Lifespan

The number of seconds that a refresh token is valid. The
instance uses the lifespan value when requesting a refresh
token. By default, refresh tokens expire in 100 days
(8640000 seconds).

Access Token Lifespan

The number of seconds that an access token is valid. The
instance uses the lifespan value when requesting an access
token. By default, access tokens expire in 30 minutes (1800
seconds).

Comments

Additional information to associate with the
application.

Click Submit. The record is saved in the Application
Registries [oauth_entity] table.

Result

The system creates a record in the Application Registries [oauth_entity] table with
of type OAuth Client. When the instance actually issues tokens and authorization
codes, they are stored in the table. See Manage OAuth tokens for more
information.

On the interceptor page, click Create an OAuth API endpoint for
external clients and then fill in the form.

Field

Description

Name

A unique name that identifies the application that you
require OAuth access for.

Client ID

[Read-Only] The auto-generated unique ID of the
application. The instance uses the client ID when requesting
an access token.

Client Secret

[Required] The shared secret string that both the
instance and the client application or website use to
authorize communications with one another. The instance uses
the client secret when requesting an access token. Leave
this field blank to have the instance auto-generate a client
secret. To display existing client secrets, click the lock
icon.

Redirect URL

The callback URL that the authorization server
redirects to. Enter the full URLs of the clients requesting
access to the resource, appended by
/oauth_redirect.do. For example,
http://token_consumer:port/oauth_redirect.do.
Enter as many URLs as needed for all possible token
consumers. The instance matches the URL of the incoming
request to one of the redirect URLs. If no match is made,
the instance uses the first redirect URL.

Logo URL

The URL that contains an image to use as the application
logo. The logo appears on the approval page when the user
receives a request to grant a client application access to a
restricted resource on the instance.

Active

Select the check box to make the application registry
active.

Refresh Token Lifespan

The number of seconds that a refresh token is valid. The
instance uses the lifespan value when requesting a refresh
token. By default, refresh tokens expire in 100 days
(8640000 seconds).

Access Token Lifespan

The number of seconds that an access token is valid. The
instance uses the lifespan value when requesting an access
token. By default, access tokens expire in 30 minutes (1800
seconds).

Comments

Additional information to associate with the
application.

Click Submit. The record is saved in the Application
Registries [oauth_entity] table.

Result

The system creates a record in the Application Registries [oauth_entity] table with
of type OAuth Client. When the instance actually issues tokens and authorization
codes, they are stored in the table. See Manage OAuth tokens for more
information.

Share this page

Feedback

Please rate the usefulness of this page

What would you like to tell us about this specific page?

Provide your email if you'd like us to respond

Provide your email if you'd like us to respond

Confirm

We were unable to find "Coaching" in
Jakarta.
Would you like to search instead?

SubscribeSubscribedUnsubscribeLast updated:Tags:JanuaryFebruaryMarchAprilMayJuneJulyAugustSeptemberOctoberNovemberDecemberNo Results FoundVersionsSearch preferences successfully updatedMy release version successfully updatedMy release version successfully deletedAn error has occurred. Please try again later.You have been unsubscribed from all topics.You are now subscribed toand will receive notifications if any changes are made to this page.You have been unsubscribed from this contentThank you for your feedback.Form temporarily unavailable. Please try again or contact
docfeedback@servicenow.com
to submit your comments.The topic you requested does not exist in therelease. You were redirected to a related topic instead.The available release versions for this topic are listedThere is no specific version for this documentation.Explore productsClick to go to thepage.Release notes and upgradesClick to open thedropdown menu.DeleteRemoveNo selected versionReset